security/sandbox/win/src/sandbox_policy_base.h@6474c204b198 (annotated)
security/sandbox/win/src/sandbox_policy_base.h
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| michael@0 | 2 | // Use of this source code is governed by a BSD-style license that can be |
| michael@0 | 3 | // found in the LICENSE file. |
| michael@0 | 4 | |
| michael@0 | 5 | #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ |
| michael@0 | 6 | #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ |
| michael@0 | 7 | |
| michael@0 | 8 | #include <windows.h> |
| michael@0 | 9 | |
| michael@0 | 10 | #include <list> |
| michael@0 | 11 | #include <vector> |
| michael@0 | 12 | |
| michael@0 | 13 | #include "base/basictypes.h" |
| michael@0 | 14 | #include "base/compiler_specific.h" |
| michael@0 | 15 | #include "base/strings/string16.h" |
| michael@0 | 16 | #include "sandbox/win/src/crosscall_server.h" |
| michael@0 | 17 | #include "sandbox/win/src/handle_closer.h" |
| michael@0 | 18 | #include "sandbox/win/src/ipc_tags.h" |
| michael@0 | 19 | #include "sandbox/win/src/policy_engine_opcodes.h" |
| michael@0 | 20 | #include "sandbox/win/src/policy_engine_params.h" |
| michael@0 | 21 | #include "sandbox/win/src/sandbox_policy.h" |
| michael@0 | 22 | #include "sandbox/win/src/win_utils.h" |
| michael@0 | 23 | |
| michael@0 | 24 | namespace sandbox { |
| michael@0 | 25 | |
| michael@0 | 26 | class AppContainerAttributes; |
| michael@0 | 27 | class LowLevelPolicy; |
| michael@0 | 28 | class TargetProcess; |
| michael@0 | 29 | struct PolicyGlobal; |
| michael@0 | 30 | |
| michael@0 | 31 | // We act as a policy dispatcher, implementing the handler for the "ping" IPC, |
| michael@0 | 32 | // so we have to provide the appropriate handler on the OnMessageReady method. |
| michael@0 | 33 | // There is a static_cast for the handler, and the compiler only performs the |
| michael@0 | 34 | // cast if the first base class is Dispatcher. |
| michael@0 | 35 | class PolicyBase : public Dispatcher, public TargetPolicy { |
| michael@0 | 36 | public: |
| michael@0 | 37 | PolicyBase(); |
| michael@0 | 38 | |
| michael@0 | 39 | // TargetPolicy: |
| michael@0 | 40 | virtual void AddRef() OVERRIDE; |
| michael@0 | 41 | virtual void Release() OVERRIDE; |
| michael@0 | 42 | virtual ResultCode SetTokenLevel(TokenLevel initial, |
| michael@0 | 43 | TokenLevel lockdown) OVERRIDE; |
| michael@0 | 44 | virtual ResultCode SetJobLevel(JobLevel job_level, |
| michael@0 | 45 | uint32 ui_exceptions) OVERRIDE; |
| michael@0 | 46 | virtual ResultCode SetAlternateDesktop(bool alternate_winstation) OVERRIDE; |
| michael@0 | 47 | virtual string16 GetAlternateDesktop() const OVERRIDE; |
| michael@0 | 48 | virtual ResultCode CreateAlternateDesktop(bool alternate_winstation) OVERRIDE; |
| michael@0 | 49 | virtual void DestroyAlternateDesktop() OVERRIDE; |
| michael@0 | 50 | virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) OVERRIDE; |
| michael@0 | 51 | virtual ResultCode SetDelayedIntegrityLevel( |
| michael@0 | 52 | IntegrityLevel integrity_level) OVERRIDE; |
| michael@0 | 53 | virtual ResultCode SetAppContainer(const wchar_t* sid) OVERRIDE; |
| michael@0 | 54 | virtual ResultCode SetCapability(const wchar_t* sid) OVERRIDE; |
| michael@0 | 55 | virtual ResultCode SetProcessMitigations(MitigationFlags flags) OVERRIDE; |
| michael@0 | 56 | virtual MitigationFlags GetProcessMitigations() OVERRIDE; |
| michael@0 | 57 | virtual ResultCode SetDelayedProcessMitigations( |
| michael@0 | 58 | MitigationFlags flags) OVERRIDE; |
| michael@0 | 59 | virtual MitigationFlags GetDelayedProcessMitigations() OVERRIDE; |
| michael@0 | 60 | virtual void SetStrictInterceptions() OVERRIDE; |
| michael@0 | 61 | virtual ResultCode SetStdoutHandle(HANDLE handle) OVERRIDE; |
| michael@0 | 62 | virtual ResultCode SetStderrHandle(HANDLE handle) OVERRIDE; |
| michael@0 | 63 | virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics, |
| michael@0 | 64 | const wchar_t* pattern) OVERRIDE; |
| michael@0 | 65 | virtual ResultCode AddDllToUnload(const wchar_t* dll_name); |
| michael@0 | 66 | virtual ResultCode AddKernelObjectToClose(const char16* handle_type, |
| michael@0 | 67 | const char16* handle_name) OVERRIDE; |
| michael@0 | 68 | |
| michael@0 | 69 | // Dispatcher: |
| michael@0 | 70 | virtual Dispatcher* OnMessageReady(IPCParams* ipc, |
| michael@0 | 71 | CallbackGeneric* callback) OVERRIDE; |
| michael@0 | 72 | virtual bool SetupService(InterceptionManager* manager, int service) OVERRIDE; |
| michael@0 | 73 | |
| michael@0 | 74 | // Creates a Job object with the level specified in a previous call to |
| michael@0 | 75 | // SetJobLevel(). |
| michael@0 | 76 | ResultCode MakeJobObject(HANDLE* job); |
| michael@0 | 77 | |
| michael@0 | 78 | // Creates the two tokens with the levels specified in a previous call to |
| michael@0 | 79 | // SetTokenLevel(). |
| michael@0 | 80 | ResultCode MakeTokens(HANDLE* initial, HANDLE* lockdown); |
| michael@0 | 81 | |
| michael@0 | 82 | const AppContainerAttributes* GetAppContainer(); |
| michael@0 | 83 | |
| michael@0 | 84 | // Adds a target process to the internal list of targets. Internally a |
| michael@0 | 85 | // call to TargetProcess::Init() is issued. |
| michael@0 | 86 | bool AddTarget(TargetProcess* target); |
| michael@0 | 87 | |
| michael@0 | 88 | // Called when there are no more active processes in a Job. |
| michael@0 | 89 | // Removes a Job object associated with this policy and the target associated |
| michael@0 | 90 | // with the job. |
| michael@0 | 91 | bool OnJobEmpty(HANDLE job); |
| michael@0 | 92 | |
| michael@0 | 93 | EvalResult EvalPolicy(int service, CountedParameterSetBase* params); |
| michael@0 | 94 | |
| michael@0 | 95 | HANDLE GetStdoutHandle(); |
| michael@0 | 96 | HANDLE GetStderrHandle(); |
| michael@0 | 97 | |
| michael@0 | 98 | private: |
| michael@0 | 99 | ~PolicyBase(); |
| michael@0 | 100 | |
| michael@0 | 101 | // Test IPC providers. |
| michael@0 | 102 | bool Ping(IPCInfo* ipc, void* cookie); |
| michael@0 | 103 | |
| michael@0 | 104 | // Returns a dispatcher from ipc_targets_. |
| michael@0 | 105 | Dispatcher* GetDispatcher(int ipc_tag); |
| michael@0 | 106 | |
| michael@0 | 107 | // Sets up interceptions for a new target. |
| michael@0 | 108 | bool SetupAllInterceptions(TargetProcess* target); |
| michael@0 | 109 | |
| michael@0 | 110 | // Sets up the handle closer for a new target. |
| michael@0 | 111 | bool SetupHandleCloser(TargetProcess* target); |
| michael@0 | 112 | |
| michael@0 | 113 | // This lock synchronizes operations on the targets_ collection. |
| michael@0 | 114 | CRITICAL_SECTION lock_; |
| michael@0 | 115 | // Maintains the list of target process associated with this policy. |
| michael@0 | 116 | // The policy takes ownership of them. |
| michael@0 | 117 | typedef std::list<TargetProcess*> TargetSet; |
| michael@0 | 118 | TargetSet targets_; |
| michael@0 | 119 | // Standard object-lifetime reference counter. |
| michael@0 | 120 | volatile LONG ref_count; |
| michael@0 | 121 | // The user-defined global policy settings. |
| michael@0 | 122 | TokenLevel lockdown_level_; |
| michael@0 | 123 | TokenLevel initial_level_; |
| michael@0 | 124 | JobLevel job_level_; |
| michael@0 | 125 | uint32 ui_exceptions_; |
| michael@0 | 126 | bool use_alternate_desktop_; |
| michael@0 | 127 | bool use_alternate_winstation_; |
| michael@0 | 128 | // Helps the file system policy initialization. |
| michael@0 | 129 | bool file_system_init_; |
| michael@0 | 130 | bool relaxed_interceptions_; |
| michael@0 | 131 | HANDLE stdout_handle_; |
| michael@0 | 132 | HANDLE stderr_handle_; |
| michael@0 | 133 | IntegrityLevel integrity_level_; |
| michael@0 | 134 | IntegrityLevel delayed_integrity_level_; |
| michael@0 | 135 | MitigationFlags mitigations_; |
| michael@0 | 136 | MitigationFlags delayed_mitigations_; |
| michael@0 | 137 | // The array of objects that will answer IPC calls. |
| michael@0 | 138 | Dispatcher* ipc_targets_[IPC_LAST_TAG]; |
| michael@0 | 139 | // Object in charge of generating the low level policy. |
| michael@0 | 140 | LowLevelPolicy* policy_maker_; |
| michael@0 | 141 | // Memory structure that stores the low level policy. |
| michael@0 | 142 | PolicyGlobal* policy_; |
| michael@0 | 143 | // The list of dlls to unload in the target process. |
| michael@0 | 144 | std::vector<string16> blacklisted_dlls_; |
| michael@0 | 145 | // This is a map of handle-types to names that we need to close in the |
| michael@0 | 146 | // target process. A null set means we need to close all handles of the |
| michael@0 | 147 | // given type. |
| michael@0 | 148 | HandleCloser handle_closer_; |
| michael@0 | 149 | std::vector<string16> capabilities_; |
| michael@0 | 150 | scoped_ptr<AppContainerAttributes> appcontainer_list_; |
| michael@0 | 151 | |
| michael@0 | 152 | static HDESK alternate_desktop_handle_; |
| michael@0 | 153 | static HWINSTA alternate_winstation_handle_; |
| michael@0 | 154 | |
| michael@0 | 155 | DISALLOW_COPY_AND_ASSIGN(PolicyBase); |
| michael@0 | 156 | }; |
| michael@0 | 157 | |
| michael@0 | 158 | } // namespace sandbox |
| michael@0 | 159 | |
| michael@0 | 160 | #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ |
